learn-pr/wwl-azure/introduction-agentic-devops-microsoft-tools-azure/6-knowledge-check.yml
9 additions & 9 deletions
@@ -22,7 +22,7 @@ quiz:
22
22
explanation: "Deterministic, scripted execution is the defining characteristic of traditional automation, not agentic capabilities."
23
23
- content: "It observes intermediate results and adapts its plan to reach a defined goal."
24
24
isCorrect: true
25
-
explanation: "The observe-reason-act loop — combined with goal orientation and tool invocation — is what distinguishes agents from scripted automation."
25
+
explanation: "The observe-reason-act loop, combined with goal orientation and tool invocation, is what distinguishes agents from scripted automation."
26
26
- content: "It can only suggest actions without executing them."
27
27
isCorrect: false
28
28
explanation: "Agentic capabilities span a full autonomy spectrum; many can execute actions, not only suggest them."
@@ -36,19 +36,19 @@ quiz:
36
36
explanation: "Reversible operations with low blast radius and high frequency are suitable for autonomous execution, and work item assignment meets all three criteria."
37
37
- content: "Inform only, because agents should never interact with project management data."
38
38
isCorrect: false
39
-
explanation: "Inform is unnecessarily restrictive for this task. Agents can interact with Boards data; the question is how much autonomy is appropriate."
39
+
explanation: "Inform is restrictive for this task. Agents can interact with Boards data; the question is how much autonomy is appropriate."
40
40
- content: "Which of the following DevOps operations must always retain a mandatory human authorization step regardless of agent maturity?"
41
41
choices:
42
42
- content: "Generating a pull request description for an infrastructure change."
43
43
isCorrect: false
44
44
explanation: "PR description generation is informational. No state is changed until a human opens the PR."
45
-
- content: "Creating RBAC role assignments in a production Azure subscription."
45
+
- content: "Creating RBAC (Role Based Access Control) role assignments in a production Azure subscription."
46
46
isCorrect: true
47
-
explanation: "RBAC changes in production have low reversibility and compliance implications that require documented human authorization."
47
+
explanation: "RBAC (Role Based Access Control)changes in production have low reversibility and compliance implications that require documented human authorization."
48
48
- content: "Summarizing the previous week's pipeline failure history."
49
49
isCorrect: false
50
-
explanation: "This is a read-only, Inform-level operation that carries no blast radius or reversibility risk."
51
-
- content: "A platform team is designing their agentic DevOps deployment. They want to allow agents to generate and validate Bicep templates but require human review before applying changes to non-production environments. Which autonomy level does this describe?"
50
+
explanation: "This Inform-level operation is read-only, which carries no blast radius or reversibility risk."
51
+
- content: "A platform team is designing their agentic DevOps deployment. They want to allow agents to generate and validate Bicep templates but require human review before applying changes to nonproduction environments. Which autonomy level does this describe?"
52
52
choices:
53
53
- content: "Inform"
54
54
isCorrect: false
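Review bot: The new RBAC explanation string reads "RBAC (Role Based Access Control)changes", with no space after the closing parenthesis, and the acronym is now expanded in both the choice text and its explanation. Expand it once, in the choice, as "role-based access control (RBAC)", and leave the explanation as "RBAC changes in production ...". In the Inform explanation, dropping "unnecessarily" changes the claim: Inform is restrictive by definition, and the point of the answer is that it is more restrictive than this task needs. The last added line also switches to "nonproduction" while the autonomy table in includes/4-set-autonomy-boundaries-human-control.md still says "non-production"; pick one spelling across the module.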
@@ -58,15 +58,15 @@ quiz:
58
58
explanation: "Execute autonomously means no per-step confirmation is required. This scenario explicitly requires human review before execution."
59
59
- content: "Execute on approval"
60
60
isCorrect: true
61
-
explanation: "Execute on approval means the agent prepares the execution plan and waits for explicit human confirmation before proceeding — matching this scenario exactly."
61
+
explanation: "Execute on approval means the agent prepares the execution plan and waits for explicit human confirmation before proceeding. Exactly matching this scenario."
62
62
- content: "What is the primary reason to implement audit logging for agent-initiated Azure resource operations from the start of an agentic DevOps pilot?"
63
63
choices:
64
64
- content: "To prevent agents from making any changes to Azure resources during the pilot period."
65
65
isCorrect: false
66
-
explanation: "Audit logging records actions; it doesn't block them. Preventing changes is handled by authorization scoping and approval gates."
66
+
explanation: "Audit logging records actions; it doesn't block them. Authorization scoping and approval gates prevent changes."
67
67
- content: "To create the compliance baseline and feedback mechanism needed to responsibly expand agent autonomy over time."
68
68
isCorrect: true
69
69
explanation: "Audit logs serve two purposes: they satisfy compliance requirements and they provide the evidence that builds confidence for expanding autonomy as agent behavior is validated."
70
70
- content: "To ensure that all agent actions are reviewed by a security team before they take effect."
71
71
isCorrect: false
72
-
explanation: "Pre-flight review is handled by approval gates, not audit logs. Audit logs record what happened, enabling post-hoc review and incident investigation."
72
+
explanation: "Approval gates handle preflight review, not audit logs. Audit logs record what happened, enabling post-hoc review and incident investigation."
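Review bot: In the Execute on approval explanation, "Exactly matching this scenario." is a sentence fragment left behind by removing the dash; fold it back in, for example "... before proceeding, which matches this scenario exactly." In the last added line, "Approval gates handle preflight review, not audit logs." can be read as saying that approval gates do not handle audit logs. "Approval gates, not audit logs, handle preflight review." keeps the contrast the question is testing.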
learn-pr/wwl-azure/introduction-agentic-devops-microsoft-tools-azure/includes/4-set-autonomy-boundaries-human-control.md
6 additions & 5 deletions
@@ -1,8 +1,9 @@
1
1
Identifying high-value agentic opportunities is the easier half of the problem. The harder half is deciding exactly how much autonomy to grant for each one. And also building the guardrails that keep your production environment safe when agents operate within it.
2
2
3
-
The engineers who get this wrong tend to fall into one of two failure modes:
4
-
- they lock down agents so tightly that the only value delivered is autocomplete-level suggestions,
5
-
- or they extend autonomous execution to actions whose blast radius they haven't carefully analyzed.
3
+
The engineers who get this concept wrong tend to fall into one of two failure modes:
4
+
5
+
-**locked-down agents**: agents are locked so tightly, that the only value delivered is autocomplete-level suggestions.
6
+
-**autonomous execution**: agents run actions autonomously, without carefully analyzing impact.
6
7
7
8
Both failures undermine adoption and erode trust. The goal is a calibrated model that matches autonomy level to reversibility, blast radius, and regulatory context.
8
9
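Review bot: The second new bullet replaces "actions whose blast radius they haven't carefully analyzed" with "without carefully analyzing impact", which drops the term the following paragraph depends on ("reversibility, blast radius, and regulatory context"). Keep "blast radius" in the bullet so the failure mode maps onto the classification model. In the first bullet, "agents are locked so tightly, that" has a stray comma; "agents are locked down so tightly that ..." reads cleanly. The bold labels here are lowercase, while the bold labels added to includes/7-summary.md in the same commit are capitalized.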
@@ -17,7 +18,7 @@ Not all agentic actions carry the same operational weight. A useful way to class
17
18
|**Execute on approval**| Prepares execution plan and waits for explicit confirmation | Review plan and authorize each step | Create a work item, update a variable group, and generate and apply IaC changes to a non-production environment |
18
19
|**Execute autonomously**| Takes action through the full sequence without per-step confirmation | Define scope, monitor outcomes, and receive summary | Assign and triage incoming bug reports, run read-only API queries, and generate unit tests for new functions |
19
20
20
-
Most of your day-to-day agentic operations will sit at **Inform** and **Suggest** for the first months. That's not a technical or adoption limitation. It allows your team to build up confidence and trust in agent behavior and develop the observability instrumentation to audit what agents do.
21
+
Most of your day-to-day agentic operations will sit at **Inform** and **Suggest** for the first months. This approach is not a technical or adoption limitation. It allows your team to build up confidence and trust in agent behavior and develop the observability instrumentation to audit what agents do.
21
22
22
23
## Classify actions by reversibility and blast radius
23
24
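Review bot: In the changed paragraph, "This approach is not a technical or adoption limitation" has no clear antecedent, because the preceding sentence describes where operations will sit rather than naming an approach. Say what is meant, for example "Starting at these levels isn't a technical or adoption limitation." Other strings in this commit keep contractions ("it doesn't block them"), so "isn't" is also the consistent form.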
@@ -36,7 +37,7 @@ Combine these dimensions and you get a quick classification model:
36
37
| Low | Low | Execute on approval |
37
38
| Low | Medium or High | Suggest only — human executes |
38
39
39
-
**Never grant autonomous execution** to actions that combine low reversibility with any meaningful blast radius. Production deployments, secret or credential operations, network security group modifications, role assignment changes, and policy exceptions all fall in this quadrant regardless of how well-tested your agent instructions are.
40
+
**Never grant autonomous execution** to actions that combine low reversibility with any meaningful blast radius. Several examples fall in this quadrant, such as production deployments, and how you handle secret or credential operations. Or think of network security group modifications or role assignment changes. Regardless of how well-tested your agent instructions are, keep human oversight as guardrail for these.
40
41
41
42
## Define human control points for production-facing operations
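Review bot: The rewritten "Never grant autonomous execution" paragraph no longer mentions policy exceptions, which the removed line named explicitly and which the summary bullet in this commit still covers as policy changes. This list is the module's statement of what must never run autonomously, so restore the item. The rewrite also softens a categorical list into "Several examples fall in this quadrant, such as ...", leaves a fragment ("Or think of network security group modifications or role assignment changes.") and is missing an article in "as guardrail". Consider keeping the original one-sentence list and appending only the new closing sentence, worded "keep human oversight as a guardrail for these."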
learn-pr/wwl-azure/introduction-agentic-devops-microsoft-tools-azure/includes/7-summary.md
5 additions & 5 deletions
@@ -4,11 +4,11 @@ You've now defined that layer precisely, mapped where it delivers value across t
4
4
5
5
## Key concepts from this module
6
6
7
-
-An agent is distinguished from automation by goal orientation, tool invocation, and adaptive observe-reason-act loops. These properties let agents handle multi-source, multi-step tasks that require context synthesis rather than scripted execution.
8
-
-The Microsoft platform provides agentic capabilities across a spectrum: from GitHub Copilot suggestions and agent mode, to Azure Copilot's specialized operational agents, to Azure DevOps AI features embedded directly in daily workflow surfaces.
9
-
-The DevOps phases most amenable to early agentic adoption are plan/track work, code review, pipeline failure triage, and operational observability — tasks that are high-frequency, information-intensive, and produce reversible or read-only outcomes.
10
-
- Autonomy levels should be matched to reversibility and blast radius. Low reversibility and high blast radius operations — production deployments, credential operations, RBAC changes, policy exceptions — require human authorization regardless of agent maturity.
11
-
- Observability and audit logging for agent-initiated actions are required from day one, not added later. They form the compliance baseline and the feedback mechanism for responsibly expanding autonomy over time.
7
+
-**Agents vs. automation**: Agents are goal-oriented, invoke tools dynamically, and adapt through observe-reason-act loops. This lets them handle complex, multi-step tasks requiring context synthesis instead of scripted steps.
8
+
-**Microsoft's agentic spectrum**: GitHub Copilot, Azure Copilotagents, Azure DevOps AI, and MCP extensibility provide agentic capabilities across different surfaces.
9
+
-**High-value DevOps phases**: Plan/track, code review, pipeline triage, and observability are best suited for early adoption—they're frequent, information-rich, and low-risk.
10
+
-**Autonomy matching**: Tie autonomy levels to reversibility and blast radius. High-risk operations (deployments, credentials, role assigments, policy changes) always require human approval.
11
+
-**Observability from day one**: Log and audit all agent actions. This ensures compliance and provides feedback for safely increasing autonomy over time.
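Review bot: The Autonomy matching bullet has a typo ("role assigments") and its wording drifts from unit 4: "production deployments" became "deployments" and "policy exceptions" became "policy changes", so the summary no longer restates the same set of operations the unit lists. In the Microsoft's agentic spectrum bullet, "Azure Copilotagents" is missing a space, and "MCP extensibility" is new relative to the removed bullet and is not expanded anywhere in the visible lines; spell it out on first use or drop it from the summary. The High-value DevOps phases bullet introduces an em dash after "early adoption" while the other files in this commit replace em dashes with commas or periods.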